Discussion

• @tenacioustek Etienne on x

  So @ProtonMail received a legal request from Europol through Swiss authorities to provide information about Youth for Climate action in Paris, they provided the IP address and information on the type of device used to the police https://twitter.com/...

• @awinston Ali Winston on x

  Protonmail turns over data for climate activists to French law enforcement https://twitter.com/...

• @muarf @muarf on x

  @pygy ... Cops are lying ? https://twitter.com/...

• @ra6bit Rabbit on x

  In the end a legal company cannot protect you from a legal request if they want to remain legal. End of story. If your threat model involves evading a legal system, a for-profit company is not going to help you.

• @tc_johnson @tc_johnson on x

  The users, especially the paying ones, if @ProtonMail deserve an explanation as to how the service was able to hand an IP address to law enforcement. The front page says, “By default, we do not keep any IP logs which can be linked to your anonymous email account.”

• @brokep Peter Sunde Kolmisoppi on x

  So, @ProtonMail had to give out information about one of their users. Navigating what has happened is a bit tricky, and I'm not going to complain about the fact that Proton handed out the data. Why? Thread. https://twitter.com/...

• @openterms @openterms on x

  👀 @ProtonMail has given its Privacy policy a slight but essential refresh on Sept. 6. “If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address as part of a Swiss criminal investigation.” ⤵️ https://github.com/... https://twitter.com/...

• @film_girl Christina Warren on x

  This is a massive failure of communication from @ProtonMail. The problem isn't that PM complied with Swiss laws, it's that secretly logging IPs was never something prominently stated as possibility in the marketing. https://protonmail.com/...

• @kennwhite Kenn White on x

  According to this TechCrunch report, Proton Mail turned on IP logging & supplied metadata to authorities for ~8 months during the investigation of these users, as apparently required under Swiss law. https://techcrunch.com/... https://twitter.com/...

• @_jack_poulson Jack Poulson on x

  In response to ProtonMail's complicity in the arrest of a French climate activist, the company is now making it clear that you should use their website through Tor. https://protonmail.com/... https://twitter.com/...

• @kennwhite Kenn White on x

  Good thread. This is why many of us, for years, when challenged with “But it's based in Switzerland!” argument for some security-related consumer service have resigned to deep inhales, closed eyes, and slow pinch-massage to the bridge of our nose. Sure, yep. Zurich. Go wild. http…

• @mrwilwang Wil Wang on x

  “According to its transparency report, #ProtonMail received 13 orders from #Swiss authorities back in 2017 — but that had swelled to over three and a half thousand (3,572!) by 2020.” 🤔 https://techcrunch.com/...

• @erratarob @erratarob on x

  I see stories claiming this Proton Mail incident targeted a “French climate activist”. Not true. It targeted an activist who was breaking into homes and businesses to protest gentrification of their neighborhood. https://techcrunch.com/...

• @trishankkarthik Trishank Karthik Kuppusamy on x

  Surprise You can't simply outsource cryptography to a third party and expect the same security Most people who have a Protonmail address have no idea how it works https://techcrunch.com/...

• @aricohn Ari Cohn on x

  Whatever facially palatable reasons are concocted to earn your support (or more frequently to make it challenging to oppose them), remember that the true purpose of laws mandating Internet logging is government surveillance and abuse. https://www.slashgear.com/...

• @carnage4life Dare Obasanjo on x

  Apple has gone after apps for #3 and #4 but then misjudged how much people care about #2 with recent announcements. Proton Mail is hitting the same challenge but difference here is they were compelled by law, Apple wasn't.

• @evacide Eva on x

  Protonmail turns over IP logs of a climate activist's account in response to a Swiss court order. Is this exactly what they have always said they would do? Yes. This is why there are no easy answers in privacy/security and careful threat modeling is key. https://twitter.com/...

• @notdan @notdan on x

  This is why I do not ever trust a single service to protect my identity. IP address, or anything. While I thought @ProtonMail & @ProtonVPN were more resilient than this, it didn't stop me from using other mixed VPN services from accessing their Email platform. Use Layers, Always.…

• @protonmail @protonmail on x

  @nigroeneveld ... We indeed don't collect user IP logs by default. However, under Swiss law, Proton can be forced to start collecting information on a particular account under Swiss criminal investigation, as stated in our Privacy policy. Learn more here: https://protonmail.com/.…

• @protonmail @protonmail on x

  @Therealmattm98 Under no circumstances can our encryption be bypassed, meaning emails, attachments, calendars, files, etc. cannot be compromised by legal orders. More details here: https://protonmail.com/...

• @julian0liver Julian Oliver on x

  ProtonMail releases some helpful clarifications, apologises, and says they'll rework how they communicate their legal obligations to users. Does seem they were cornered under Swiss law to cough up the data https://protonmail.com/...

• @alyssam_infosec @alyssam_infosec on x

  Thinking on my thread earlier this week about VPNs and feeling some relief that I didn't choose Proton VPN. Not because they complied with the order, but rather because of how shady they're being about it after the fact. https://www.slashgear.com/...

• @protonmail @protonmail on x

  @WillieHowe @TC_Johnson We will be making updates to our website to better clarify ProtonMail's obligations in cases of criminal prosecution and we apologize if this was not clear. We've shared some clarifications here: https://protonmail.com/...

• @protonmail @protonmail on x

  @__devLeft @nikolajkornbech We will be making updates to our website to better clarify ProtonMail's obligations in cases of criminal prosecution and we apologize if this was not clear. More details about the incident can also be found here: https://protonmail.com/...

• @ahmetb Ahmet Alp Balkan on x

  Turns out Protonmail is handing 200 customers' info to the authorities each year. Remember when Lavabit shut themselves down when they had 400K customers because they had to turn in SSL keys to US govt, but they didn't want to risk even 1 user (which turned out to be @snowden)? h…

• @ra6bit Rabbit on x

  I don't blame ProtonMail for complying with a lawful request.. but I do blame them for having advertised anonymity features for years they can't ultimately provide legally.

• @filosottile Filippo Valsorda on x

  Strong disagree. As always, the problem with ProtonMail is not that they don't deliver an impossible product (secure email), but that they advertise it. It's a choice, they know it, they benefit from it, their users believe it, and they are responsible for it. https://twitter.com…

• @jksteinberger @jksteinberger on x

  .@ProtonMail explains their actions here: they say they were forced to hand over user IP addresses & devices because the suspect committed a crime under Swiss law and “The prosecution in this case seems quite aggressive.” https://www.reddit.com/... https://twitter.com/...

• @gossithedog Kevin Beaumont on x

  There's a good thread on ProtonMail here. When services say they don't keep logs, laugh. Businesses are businesses and will business when the police turn up. https://twitter.com/...

• @carnage4life Dare Obasanjo on x

  This is #2 of 4 types of privacy • protecting your information from other users • protecting your information from the government • protecting your information from the company providing the service • protecting your information from business partners of the service provider http…